GoDaddy, probably one of the biggest names in the domain registrars, revealed the breach of the serious cybersecurity and data of more than 12 million WordPress users at risk. In its disclosure to the US Securities and Exchange Commission, the company informed that it had discovered unauthorized third-party access to our managed WordPress hosting environment.
While explaining the whole incident, Demetrius Comes said that “Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The data breach presents a risk of phishing attacks, he added.
GoDaddy said, “We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation against the hacking with the help of the IT forensics firms and contacted law enforcement. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for managed WordPress.”
Now it is to see how data breach affects the GoDaddy users.
How Does Data Breach Affect Godaddy Users?
While there isn’t any information about taking advantage of the user’s data, users will get worried that their SSL credentials can be used to mimic domains that legal companies own. Other concerns include that the keys may be used to hijack domain names and blackmail companies. The affected users should generate new certificates and private keys.
What is Exposed in GoDaddy Data Breach?
Following data are exposed due to the GoDaddy Security Breach-
- Email address and customer numbers exposed up to 12 Lakh users.
- The original WordPress Admin password was set at the time of provisioning.
- sFTP and database usernames and passwords of active customers.
- SSL private key.
GoDaddy apologizes to their customers for the data security breach and claims to fix the issues as early as possible by resetting the WordPress Admin password with sFTP and database usernames and passwords.